Hi, by using IDEALX scripts (smbldap-tools-0.9.2) this is what i've find. in my smb.conf file i've put those lines : add user script = /usr/local/sbin/smbldap-useradd -a -m "%u" delete user script = /usr/local/sbin/smbldap-userdel "%u" add group script = /usr/local/sbin/smbldap-groupadd -p "%g" delete group script = /usr/local/sbin/smbldap-groupadd -p "%g" add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g" delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g" set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u" add machine script = /usr/local/sbin/smbldap-useradd -w "%u" then using smbldap-populate -> good , net rpc join -> good and net rpc vampire commands with debug -d 3 with net rpc vampire -> not good. The debug looks like : Creating account: vincent-admin [2006/02/22 17:26:06, 1] utils/net_rpc_samsync.c:fetch_account_info(534) fetch_account: Running the command `/usr/local/sbin/smbldap-useradd -a -m "vincent-admin"' gave 0 [2006/02/22 17:26:06, 3] utils/net_rpc_samsync.c:fetch_account_info(548) Attempting to find SID S-1-5-21-1694593686-2069964415-1230779191-1046 for user vincent-admin in the passdb [2006/02/22 17:26:06, 3] utils/net_rpc_samsync.c:fetch_account_info(552) Attempting to add user SID S-1-5-21-1694593686-2069964415-1230779191-1046 for user vincent-admin in the passdb [2006/02/22 17:26:06, 0] passdb/pdb_ldap.c:ldapsam_add_sam_account(1980) ldapsam_add_sam_account: User 'vincent-admin' already in the base, with samba attributes [2006/02/22 17:26:06, 1] utils/net_rpc_samsync.c:fetch_account_info(555) SAM Account for vincent-admin failed to be added to the passdb! This means that during vampire procedure the user vincent-admin was create as samba profile with SID = 2*RID +1000 (idealx script) in openldap. then receiving SID from NT4 server but can't create same user with this SID b'cause user already exists. The problem come at the vampire end procedure when triing to associate windows nt4 groups on samba with the wrong sid : 1047 for windows sid and 3020 for samba first profile created. When removing -a option in the add user script line the profile is well create with good sid during account migration, and everything seems to be good. AND NOT grrrrr. of course sid are good but by removing -a option my account is not created with sambaHomePath, sambaHomeDrive, and many other samba account parameters. Creating account: vincent-admin [2006/02/23 11:13:00, 1] utils/net_rpc_samsync.c:fetch_account_info(534) fetch_account: Running the command `/usr/local/sbin/smbldap-useradd -m "vincent-admin"' gave 0 [2006/02/23 11:13:00, 3] utils/net_rpc_samsync.c:fetch_account_info(548) Attempting to find SID S-1-5-21-1694593686-2069964415-1230779191-1046 for user vincent-admin in the passdb [2006/02/23 11:13:00, 3] utils/net_rpc_samsync.c:fetch_account_info(552) Attempting to add user SID S-1-5-21-1694593686-2069964415-1230779191-1046 for user vincent-admin in the passdb [2006/02/23 11:13:00, 3] passdb/pdb_ldap.c:ldapsam_add_sam_account(2031) ldapsam_add_sam_account: User exists without samba attributes: adding them [2006/02/23 11:13:00, 2] passdb/pdb_ldap.c:init_ldap_from_sam(1064) init_ldap_from_sam: Setting entry for user: vincent-admin [2006/02/23 11:13:00, 2] passdb/pdb_ldap.c:ldapsam_add_sam_account(2141) ldapsam_add_sam_account: added: uid == vincent-admin in the LDAP database [2006/02/23 11:13:00, 2] passdb/pdb_ldap.c:init_group_from_ldap(2199) init_group_from_ldap: Entry found for group: 513 i'm triing to find how to fixe this bug if it is or is there something wrong i've made during the configuration ? I'm using samba 3.0.21b, openldap-2.2.13-4 on a Red Hat Enterprise Linux 4 ES. Windows NT4 French server. Thank Vincent